Take careful steps to minimise risk in 2010

6 April 2010


Management Consultancy Director

Anne is the director of a management consultancy specialising in conciliation, complaints and conflict management. She is the author of Conciliation in Healthcare: managing and resolving complaints and conflict (2008). Anne is also a non-executive director and deputy chairman of Northumberland, Tyne and Wear NHS Foundation Trust.

A new year brings new challenges … and new risks. Are you prepared for them? Back in 2008, the MiP risk management survey suggested that not all practice managers were aware of the importance of integrating risk management processes with everyday business.(1) Some indicated a lack of understanding about the value or purpose of a formal approach to risk, since:

  • A third of respondents did not have a risk management policy.
  • More than half did not have a risk register.
  • One in 10 did not have a business continuity plan in place.

It was therefore unsurprising that a quarter had not undertaken any risk management training.(1)

Practice managers’ job descriptions may not explicitly state their responsibilities in relation to risk, but a clear understanding and proactive approach to risk is essential if you are to meet the key requirements of your role. There is more to risk management than ensuring compliance with Health and Safety legislation and achieving targets relating to the Quality and Outcomes Framework (QOF).

For example, planning for business continuity in response to adverse events is crucial. The importance of this was emphasised by the British Medical Association’s GPs’ Committee (GPC) and the Royal College of GPs (RCGP) in their response to the threat of pandemic influenza, and is also highlighted in the RCGP/GPC service continuity planning framework and the primary care emergency planning toolkit.(2)

An equally robust approach needs to be taken whether an event can be anticipated, such as pandemic influenza, or is wholly unexpected, such as a fire or sudden flood. Involving external partners in emergency planning can also be invaluable, as well as working closely with other agencies in response to a disaster. Ensuring continued delivery of healthcare was a key priority for the flood-stricken practices in Cockermouth in 2009, and Morpeth in 2008. In both instances, practices relocated promptly to their respective cottage hospitals.

Some everyday hazards, such as a worn floor covering that might pose a risk of trips or falls, can be eliminated at relatively little cost. Others, however, have to be managed, and their impact lessened through mitigating actions. This requires input and involvement from the whole practice.

While clinical risks, for which individual health professionals may have personal responsibility, are self-evidently important, they cannot always be separated from the non-clinical aspects of practice organisation that can have equally severe consequences if they fail.

An administrative error that causes the loss of an important result can delay a critical diagnosis with major consequences for patient care. Failure to make or process an urgent referral can be similarly serious.

Further common examples are: failure to pass on or record important information, including telephone calls; failure to arrange follow-up appointments; and failure to review or communicate the results of investigations. No matter how well systems are designed, there will be occasional breaches and it is important to use these to identify weak points and improve them.

While standard operating procedures can be helpful in preventing administrative failures, staff need to understand why such procedures exist, as well as being flexible in their responses to circumstances not covered by specific protocols or directives. In trying to reduce risks and their impact on patient care, it is also important to ensure that the actions taken do not have unintended consequences that create new hazards.

Fundamental to building a successful safety culture in a practice is the development of a comprehensive risk management policy. It provides an opportunity for the practice to signal the importance of risk management to all its staff, as well as giving clear instruction and guidance. A risk management policy should cover key safety processes and procedures as well as promoting a culture of openness where staff recognise the importance of reporting incidents and near misses. The aim should be to encourage staff to regard risk as everybody’s business.

Identifying risks
The value of ensuring that you have identified the main risks to your organisation’s business is that you can then be proactive rather than reactive. By identifying potential hazards, you can take action to mitigate the risks, reduce the frequency of errors, and raise awareness among all staff. This should help to create a culture in which you can deliver safe, high-quality services to your patients.

A risk register is a useful tool in this respect since it enables you to:

  • Record risks.
  • Assess and prioritise risks in terms of their likelihood, impact and consequences.
  • Identify preventative or protective measures to manage the risks.
  • Highlight any gaps in controls.

To work well, a risk register should be treated as a “live” document that is discussed regularly at practice meetings. When populating the risk register, you need to consider various categories of risk. At its broadest level, a risk register needs to link to organisational objectives and cover the key risk areas facing the practice, eg: clinical; financial; employment; buildings; equipment and reputation, as well as statutory and legal targets and requirements.

Risks can be identified from a number of sources: external assessments; complaints; incidents; near misses, and other feedback from staff and patients. Involving all staff in populating the register will help to embed an appropriate safety culture. Staff training in risk should cover identification, assessment, evaluation and management of risk, as well as incident investigation. A named person needs to take responsibility (the “risk owner”) for individual risks or categories of risk, and this also needs to be recorded. It is essential to have action plans with review and/or completion dates for each task.

Where it is not possible to eliminate a risk, mitigating actions (“controls”) have to be taken in order to minimise the risk of harm. It is also helpful for a risk register to include cost-benefit analyses where relevant, since not everything can be afforded instantly. Some risks, which might originally have been regarded as low priority, may need to be escalated if the situation changes, which emphasises the importance of regularly reviewing the register.

In 2006, a report by MPS Risk Consulting, a company owned by the Medical Protection Society, identified the top 10 areas of potential risk in general practice as follows:

  • Confidentiality.
  • Prescribing.
  • Health and Safety (including security).
  • Communication.
  • Record keeping.
  • Test results.
  • Staff training.
  • Infection control.
  • Use of a chaperone.
  • Learning from events (patient safety incident reporting and significant-event audit).

Poor management in any of these areas can result in harm to patients and lay both the practice and particular individuals open to complaints and litigation.

A key feature of an organisation that is striving for continuous improvement is a willingness to learn not only from its own incidents, but also to take advantage of learning opportunities afforded by the experiences of others. For example, in the report Spotlight on Complaints 2009, the Healthcare Commission reviewed general practice complaints and made recommendations along the following lines:(3)

  • Ensure good record keeping in line with General Medical Council (GMC) guidance, including the logging of telephone calls and home visits.
  • Promote openness and a culture of learning so that complaints are viewed in a positive light and contribute to improvements in service delivery.
  • Make sure that systems covering prescribing, information and administrative procedures are effective, and give particular attention to the recording and transfer of information from outside agencies.
  • Be mindful of the value of accessing independent advice at an early stage, particularly in relation to more serious or complex complaints.

Seven steps to patient safety
At one time, risk management was viewed as being primarily concerned with the avoidance of clinical litigation and complaints. It now has a much broader focus and is at the heart of the quality agenda, which emphasises continuous improvement in the areas of patient safety, clinical effectiveness, and the patient or user experience.

Indeed, From Good to Great: Preventative, People-centred, Productive, which outlines the NHS vision for the next five years, makes constant reference to patient safety.(4) It should be the aim for any organisation delivering healthcare to avoid causing harm to patients. Practices may find the Seven Steps to Patient Safety in General Practice a valuable resource when considering patient safety.(5) This guidance, from the National Patient Safety Agency (NPSA), has been developed with GPs, nurses and practice managers to provide a practical framework for improving patient safety.

The Seven Steps are:

  • Build a safety culture.
  • Lead and support your staff.
  • Integrate your risk management activity.
  • Promote reporting.
  • Involve and communicate with patients and the public.
  • Learn and share safety lessons.
  • Implement solutions to prevent harm.

This document could provide a useful basis for staff training since it provides practical examples of different tools and techniques to support clinical risk management. It also covers the issue of incident reporting, since an effective safety culture is one in which staff are encouraged to reflect on incidents and learn from them. The NPSA says the following are the top reported incident types in general practice:(6)

  • Medication.
  • Documentation (including records and identification).
  • Consent, communication, confidentiality.
  • Access, admission, transfer, discharge (including missing patient).
  • Clinical assessment (including diagnosis, scans, tests and assessments).
  • Treatment and procedure.
  • Patient accident.
  • Infrastructure (including staffing, facilities and environment).
  • Implementation of care and ongoing monitoring/review.

Effective handling of complaints and incidents is an important component of any risk management system. Each should be subjected to root cause analysis, and actions should be taken to prevent recurrence. Lessons arising from them should be disseminated and, where relevant, incorporated into staff training.

Staff are more likely to respond positively when they understand the reasons for adherence to specific procedures – for example, in relation to complaints handling. Responding appropriately and recording verbal complaints or concerns will minimise the risk of situations escalating and causing further expressions of dissatisfaction from the complainant.

The future
At the Wellards Annual Conference in 2009, Dr David Colin-Thomé, the Department of Health primary care czar, made reference to the following issues, which will affect primary care:

  • Registration and inspection by the Care Quality Commission, which will apply to all general medical and dental practices from 2011/12.
  • Quality accounting, which will be in place by June 2011.
  • The widening remit of the Patient Survey.
  • The proposed Royal College of GPs’ accreditation scheme.
  • Examination of the current QOF indicators by the National Institute for Health and Clinical Excellence (likely to report in 2011).

These all represent challenges for general practice and inevitably carry attendant risks. Are you prepared? Does your practice have a robust and effective approach to risk, or should you make 2010 the year you put risk management at the heart of your practice activities?

1. Gidden S. Risky business? Results of the MiP Risk Management Survey. Management in Practice 2008;14:13-18.
2. British Medical Association. Business continuity planning for GPs. Available from:…
3. Healthcare Commission. Spotlight on Complaints. A report on second-stage complaints about the NHS in England. London: Commission for Healthcare Audit and Inspection; 2009.
4. HM Government, Command Paper 7775. NHS 2010–2015: From good to great: Preventative, people-centred, productive. London: The Stationery Office; 2009.
5. The National Patient Safety Agency. Seven steps to patient safety in general practice. London: NPSA; 2009.
6. The National Patient Safety Agency. National reporting and learning system: quarterly data summary 14. London: NPSA; 2009.